RandomSecurityCookieFilter
.
Using the JSESSIONID like this might let an XSS attacker hijack a session. See GitHub issue #484@Deprecated public class HttpSessionSecurityCookieFilter extends AbstractHttpSessionSecurityCookieFilter
Constructor and Description |
---|
HttpSessionSecurityCookieFilter(String securityCookieName)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
protected javax.servlet.http.HttpSession |
getSession()
Deprecated.
|
destroy, doFilter, init
public HttpSessionSecurityCookieFilter(String securityCookieName)
protected javax.servlet.http.HttpSession getSession()
getSession
in class AbstractHttpSessionSecurityCookieFilter
Copyright © 2010–2014 Arcbees. All rights reserved.